Bug in Bind 9.8 or am I doing something wrong?
Lyle Giese
lyle at lcrcomputer.net
Tue Sep 6 14:32:21 UTC 2011
On 9/6/2011 9:13 AM, Tony Finch wrote:
> Lyle Giese<lyle at lcrcomputer.net> wrote:
>
>> zone "chaseprod.local"{
>> type forward;
>> forwarders {10.0.100.205;};};
>>
>> This seemed to work until I added some stuff for DNSSEC to my named.conf.
>
> In order to forward a zone in the presence of DNSSEC validation, the zone
> has to have a valid delegation in the public DNS. You can't use forwarding
> to splice some private namespace onto the public DNS.
>
> There is a new "static-stub" zone type which should avoid this problem,
> though it has a number of other differences from a forwarding
> configuration.
>
> Tony.
Changing zone to:
zone "chaseprod.local"{
type static-stub;
server-addresses {10.0.100.205;};};
And adding back in the DNSSEC stuff, it's still broke, but the output
from dig changes.
; <<>> DiG 9.8.0-P4 <<>> @127.0.0.1 chasew8s1.corp.chaseprod.local
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Very informative. But if I disable DNSSEC, resolution using a
static-stub zone does work.
Lyle Giese
LCR Computer Services, Inc.
More information about the bind-users
mailing list